Posted by timothy on Friday November 19, 2010 @03:26AM from the gesticulate-wildly dept.

holy_calamity writes "Tech Review discusses how it will soon be possible to pay in stores by waving your cellphone over a contactless reader, thanks to new handsets due next year, and RFID stickers and cases offered today by firms including Visa. It's convenient for shoppers, but a major driver of the technology is the opportunity for retailers to gain access to their customers' cellphones and social networks for marketing purposes."

Pretty much this. NFC payment via phones has been one of the main reasons why western style smartphones like iPhone have been a complete and utter failure in Japan. If you can't even do basic things like pay for your train ticket with a smartphone, then what good is the smart part?

Imagine an iPhone that you couldn't send or receive text messages with. Would you buy it? NFC payments are so widespread there that it's in the same general category in Japan.

On an average commute (the times where you really get to see what phones everybody is using), I'd say anywhere from a third to half of the phones I see people with are iPhones. It's certainly not a failure here, though if it were to be, it wouldn't be the RFID payment thing (which most people don't use because it's damn near impossible to figure out unless you're the sort of person that regularly posts to Slashdot). It would be because it can't handle websites aimed at Japanese phones, by which I mean the vast majority of websites accessed via a QR code printed somewhere which actually go as far as to completely block access to all but regular phone browsers. These sites are a valuable source of games (very bad ones), discount coupons, postage stamp sized pictures of celebrities that you get to set as your background screen for free, and other such wonders which are fantastically important to the phone buying market.

A third to half wouldn't fit with sales numbers, nor any other information coming out of Japan.

NFC needs banks and institutions like metro systems to participate for it to be worthwhile; the tech's been out there for so long. That is the 'figuring out' part, to just make it work. The close collaboration with tech manufacturers that the Japanese telecoms do helps with this.

I would guess a lot of those people playing with iPhones have second phones as well. iPhone is still the second and third best selling phone in Japan at the moment (beaten from first only recently by an Android handset) so again, nothing like a failure.
Source: http://www.analytica1st.com/2010/11/japan-best-selling-phones-apple-iphone.html [analytica1st.com]
The RFID enabled phones here do actually work quite well. They work on the train systems, convenience stores and news stands, some vending machines, an increasing number

I'm surprised this story is even news, I've had an RFID sticker on my phone for some time now. It is pre-paid and I can opt to receive a text message whenever I use it, so if it's used without authorization I would know immediately: PingPing [pingping.be]

I left the group almost 6 years ago, and they hired me back as a freelance contractor nearly 4 years ago. The trial extends to shops and businesses in the area around the towers. Pomodoro [pommodoro.be] allows payment via PingPing for example. But yes - the trials are centred around Belgacom staff at the moment.

"If you can't even do basic things like pay for your train ticket with a smartphone,"

I live in old Europe but I have been paying parking fees, train and bus tickets for years with my phone. For the trains and buses the phone even _is_ the ticket, just an SMS that you show to the train/bus guy. And I initiate the payment by sending a single letter as SMS message, completely under my control.

Not just in Japan. I submitted a story [slashdot.org] about Malaysia rolling this out over a year and a half ago. Heck, in 2007 [pcworld.com] Wells Fargo started testing a pay-by-phone in the USA. This has been happening in Asia for a long time and coming in the USA for a long time.

And in Korea. It's a surprise the iPhone has been so popular here with all the things it lacks that Koreans were crazy over, like Tmoney (the payment method), DMB receiver for TV, free English/Korean dictionaries, etc. Though given that Tmoney is nothing more than a thin wire in a card or dongle, it would be trivial to mount one of these in an iPhone bumper case to duplicate it.

That's just it, in America the cell companies won't do anything they can't get 50-75% of the revenue from.

I would love an FM receiver. AT&T has one model phone available with an FM receiver. They have crippled said phone with their own software that can't be removed and six months later it is running a year old OS (Android 2.1) with zero upgrade plans ever. So the first thing one has to do is root the phone to uninstall their software, upgrade the phone to the latest, and then to be secure re-lock the

Yeah, I can't wait to submit my cell-phone to retailers so they can access details of my social networking activities in order to try and sell me junk. It's not enough that they try and sell me goods and services I don't want when I'm already buying their stuff, now they want to data-mine my phone at the checkout as well.

I didn't even have to finish reading the synopsis here before clearly thinking:

Not A Chance In Hell

Geez...I don't want identifying RFIDs on my tires, clothes, credit cards or passports, why the fsck would I want them for my phone and to actively contribute to corporations' data stores on me and my habits?

And do a lot of programming. For instance, I cannot remove those stupid facebook, twitter, etc "features" from my N900 because they are in the basic part of it. I am not sure if I even could remove them with a half year dedicated study of the OS and development documentation.

And do a lot of programming. For instance, I cannot remove those stupid facebook, twitter, etc "features" from my N900 because they are in the basic part of it. I am not sure if I even could remove them with a half year dedicated study of the OS and development documentation.

Funny, my boss has N900 and he doesn't even have twitter account. He did finally join Facebook a while ago, but as far as I know, didn't configure it for the phone. Skype he did configure, but even with that he initially thought that he would need to install something until he found it in the configuration options.

Is it too much of a stretch to say, what about an interface between the RFID and phone for entering a PIN? Or even the machine the RFID is "swiped" to requesting a PIN? If it would be as easy as it is nowadays to disable a card, I'd be all down for that. Heck, I've had a friend who lost his debit card and didn't even realize until the bank called him, told him that suspicious stuff was going on and was able to get him all his lost money back and re-issue him with a new card.

Right. What could possibly go wrong? I do not want RFID chips associated with my credit card. I'm happy with the '60s-'70s tech magnetic strip which can still be cloned but not just by walking by someone with an RFID scanner.

The night club offers its VIP clients the opportunity to have a syringe-injected microchip implanted in their upper arms that not only gives them special access to VIP lounges, but also acts as a debit account from which they can pay for drinks.

This sort of thing is handy for a beach club where bikinis and board shorts are the uniform and carrying a wallet or purse is really not practical.

[13:16] And it maketh all, the small, and the great, and the rich, and the poor, and the freemen, and the servants, that it may give to them a mark upon their right hand or upon their foreheads, [13:17] and that no one may be able to buy, or to sell, except he who is having the mark, or the name of the beast, or the number of his name. --Revelations 13:16-17, New Testament (Young's Literal Translation) [bible.cc]

I know it's against Slashdot protocol and all to cite religious texts, but if this isn't the prophecy from the Book of Revelation coming true, I don't know what is. I don't know about the rest of you, but the first time they try to inject that thing into my hand, I'm going to cite this religion text and state boldly and unwaveringly that it is against my religion to have an RFID implant. Posted AC because the mere mention of religion here without bashing it poses great risk to karma.

Personally I don't see the point of just having a dumb RFID chip in me, I'd rather have some smarter tech with some kind of user interface (preferably something a bit more "Ghost in the shell" and not just a keyboard implanted in one wrist and a monitor in the other).

As for religious objections, you're free not to get cyberized (to use a word from GitS) and although I may find your reason for it silly I would probably also refuse simply getting a "dumb" implant that does little more than act as a glorified

As for religious objections, you're free not to get cyberized (to use a word from GitS) and although I may find your reason for it silly I would probably also refuse simply getting a "dumb" implant that does little more than act as a glorified ID card.

Please reply to what the GP actually posted. Their bible quote points out that eventually *everyone* will have to have the "mark" to do transactions. There eventually will be no opting out. You're better off not replying if you aren't going to read what the person wrote that you are replying directly to.

It sounds to me that you're implying that the bible quote is somehow an accurate prediction of the future. I'm having a bit of trouble believing in that. Even if it becomes extremely common (which I doubt).

Also, it's a quote from a collection of fairy tales several thousand years old, hardly an accurate prediction of technological progress or world events.

Exactly. The "mark" fear is based on the idea that a lot of Romans of non-proper birth were locked out of markets and opportunity. It was John's way of saying "Hey, they'll do this to all of us! Down with the Emperor! Christ will come in our lifetime, shut down the Emperor and save us."

Didn't exactly come to pass, but like Nostradamus or whomever, the emotionally unbalanced and credulous hold up these writings as accurate and simply reinterpret everything to fit modern history. When I was a kid Revelation

Please reply to what the GP actually posted. Their bible quote points out that eventually *everyone* will have to have the "mark" to do transactions. There eventually will be no opting out. You're better off not replying if you aren't going to read what the person wrote that you are replying directly to.

Let's assume Bible to be inerrant. Let's also assume that this particular quote was meant as a prediction of future events thousands of years away; there's a pretty strong argument that the whole Book of Revelation was written as a thinly-disguised "fuck you" to the Roman Empire, who had a habit of putting their rulers' portraits on their money (so you'd have to take the "image of the beast" into your hand to conduct transactions) and requiring worship of said rulers, and had a ruler (Nero) who had just died but was rumored to be alive and about to return, was commonly considered a beast, and whose name can be read as "666" by a common numerological method of the time, but let's ignore all that.

Even with these assumptions, your argument is illogical. There is no reason to assume that RFID tags really are the fulfilment of a particular prophecy, just because they could be. You certainly can't assume that they are, then use that to "disprove" any counterarguments, for that is begging the question. The GP pointed out that RFID tags seem unlikely to go the way the Mark of the Beast is supposed to; that's evidence that RFID tags are not, in fact, Mark of the Beast, not that they are MotB and a miracle will enforce all the conditionals.

This is why religious arguments usually get modded down: even if you assume that said religion is correct, the arguments themselves tend to be one logical fallacy on top of another, and often completely incoherent.

Please reply to what the GP actually posted. Their bible quote points out that eventually *everyone* will have to have the "mark" to do transactions. There eventually will be no opting out. You're better off not replying if you aren't going to read what the person wrote that you are replying directly to.

Or we could say it already happened, if we take the "mark" to be credit. To participate in modern society, one has to have a credit history. It's very difficult to live a cash-only life - things like buying

Leviticus 25:35 'If one of your countrymen becomes poor and is unable to support himself among you, help him as you would an alien or a temporary resident, so he can continue to live among you. 36 Do not take interest of any kind from him, but fear your God, so that your countryman may continue to live among you. 37 You must not lend him money at interest or sell him food at a profit.'

Skip forward a bit and a lot of Jesus' teachings revolve around debt (because it was a universal concept).
I doubt that financial debt was "the beast" since it's been a part of human interactions since trading was invented.

Except, you know, context. The whole book was little more than a thinly veiled attack on the Roman authorities. John was very much an anti-establishment character. He was especially critical of the worship of the Emperor as a deity. Not to mention John, like most early Christians, expected all this to happen in his lifetime.

>but the first time they try to inject that thing into my hand

The same "they" that make you carry a cellphone? The same "they" that make you use facebook? If anything you'll be clamor

Worst case, you'll lose between £10 and £15. This is because transactions have two limits, a maximum cumulative amount and a maximum purchase amount.

If someone steals your phone, then they'll be able to make a couple of low value payments. However as soon as they make a payment which is over the purchase amount or they make a number of low value payments and the next one will take them over the cumulative account, then they will need to validat

How many transactions will I be doing from my pocket on a crowded subway?

I don't know but with any luck you will be paying for my porn site subscription and enough credit to download the videos on my anonymous PAYG phone. I might have enough credit left to call uncle Osama too. I don't know which will be worse, explaining to your wife about the porn or to the police about the calls to suspicious people in Afghanistan.

And the blackhat standing by the exit door with a 50$ RFID-reader gets my account as well.

I work at a company who works on the cellphone side of the thing. It's been part of the specs since the first drafts that transfers require a manual validation (press a button) to occur. Did you really think you were the first to think of that?

Ok, and how do you KNOW that "ok" button is for the store and not the person at the door?
I don't see the point of using RFID tags that have been shown over and over to be insecure when they could simply use the GSM network with a dedicated security layer (SSL?) over top.
And in case anyone suggests having the phone ask which information you would like to share, I'd just like to point out how well THAT worked for facebook when every thing demands everything.

Oh, I'm certain I'm not the first to think of that, but if the Windows security model has taught me anything, it's that people will blindly click anything to get to the goodies (in this case phonecall/Angry Birds/txtservice) underneath, and I believe that this will extend to smart-phones as well.

Putting a PIN on there might help a little, but the whole RFID still strikes me as just a bit too immature to trust it with financial transactions just yet.

Or you just put in an activation button, or put a password on each transaction, or put a password on certain transactions (too short time between, or too large amount, or in the wrong GPS area or whatever you can think of).

Personally I agree though that if you make it too convenient to use it will be easy to attack. So you have to make it less convenient to use (need to hold button on phone while swiping and need to type password if amount is over 20 USD etc.) and then suddenly you have a system that is onl
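The limits described earlier in the thread (a maximum purchase amount and a maximum cumulative amount) and the per-transaction password rules suggested in the comment above (too little time between payments, too large an amount) can be modelled as one small policy check. This is an added example, not code from any poster or payment scheme; the class names, thresholds and tap sequences are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Constructed thresholds for illustration; amounts are in pence."""
    per_purchase_max: int   # largest single tap allowed without verification
    cumulative_max: int     # total allowed since the last verified payment
    min_interval_s: int     # taps closer together than this need verification


class Wallet:
    """Hypothetical tap-to-pay wallet that decides when to ask for a PIN."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self.unverified_total = 0   # spent since the last PIN entry
        self.last_tap_at = None     # time of the previous attempt, in seconds

    def reasons_to_verify(self, amount: int, now: int) -> list:
        p, reasons = self.policy, []
        if amount > p.per_purchase_max:
            reasons.append("amount over per-purchase limit")
        if self.unverified_total + amount > p.cumulative_max:
            reasons.append("cumulative limit would be exceeded")
        if self.last_tap_at is not None and now - self.last_tap_at < p.min_interval_s:
            reasons.append("too soon after previous tap")
        return reasons

    def pay(self, amount: int, now: int, verified: bool = False):
        if amount <= 0:
            raise ValueError("amount must be positive")
        reasons = self.reasons_to_verify(amount, now)
        # Record every attempt, so rapid retries keep tripping the interval rule.
        self.last_tap_at = now
        if verified:
            # A PIN-verified payment goes through and resets the running total.
            self.unverified_total = 0
            return ("approved", [])
        if reasons:
            return ("verify", reasons)
        self.unverified_total += amount
        return ("approved", [])


def loss_without_pin(policy: Policy, taps) -> int:
    """Total approved for a holder who can never enter the PIN.

    `taps` is a list of (time_in_seconds, amount) attempts on a fresh wallet.
    """
    wallet = Wallet(policy)
    return sum(amount for now, amount in taps
               if wallet.pay(amount, now)[0] == "approved")


if __name__ == "__main__":
    policy = Policy(per_purchase_max=1000, cumulative_max=1500, min_interval_s=60)
    attempts = [(0, 900), (10, 300), (120, 500), (300, 200), (600, 100)]
    print("approved without PIN (pence):", loss_without_pin(policy, attempts))
```

Whatever order the unverified taps arrive in, the approved total can never exceed `cumulative_max`, which is the bound on loss the thread is arguing about.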

Am I just mad that I tend to think, if I have to enter a password to be able to use this, I'd rather not have it and just carry on using my traditional cards (since they already work on a "password" basis), and in turn the phones will be cheaper to produce and I won't have to go through nonsense setting this up every time I buy a new phone?

The security problem is easy: How about your phone just asks you whether you accept the charges, and you click "Yes". Of course there will always be fraud wherever there's money, but such a confirmation system seems much more secure than existing US-style credit cards.

And you should have more faith in humanity that FB updates won't automatically go out whenever you buy something. We've learned that's a bad idea. But maybe people can choose specific purchases to publicize... like if you buy concert ticket

"I don't want a facebook/twitter update of what I bought and where, every time I shop."

Strangely enough, I know enough people who do this by themselves. A cousin of mine can't even stop for gas without posting about it on his facebook page along with a few cell phone pictures of his car, the station and surrounding area. It's ridiculous what kind of information people will willingly give up for the sake of social networking novelty.

It's ridiculous what kind of information people will willingly give up for the sake of social networking novelty.

Personally I find the narcissism of social networking *far* more ridiculous than the "giving up information part".

Though I imagine the two are linked - "I know I'm not important enough for anyone to give a shit about me, but maybe if I tell the whole world everything I do, I can pretend they all want to know, and then conclude that I'm actually giving something up by broadcasting everything from what's on TV to the consistency of my stool".

You don't even need a blackhat to ruin your own day.
You are in front of a used car retailer. You are sending an SMS to somebody. You see a friend of yours on the other side of the street. You wave at him...

It already exists, in France in Nice. Project was launched last summer in production.
It requires both SIM card and mobile compliant with NFC technology (Near Field Communication).
But it's the very beginning, mobile constructors don't provide any list of devices compliant yet.
You need to be very close to the terminal to have the transaction initiate, no way you can have it done from your pocket.
And everything can be locked by your operator in no time OTA (over the air) if you lose your phone.
For the

The "no way you can have it done from your pocket" only applies for zero gain antennas. The black hat standing at the exit point, or better yet, in the van some meters away with a high gain parabolic antenna would tend to disagree.

I don't have much knowledge on antenna stuff.. but there is as well a notion of validation on handset side.
And the black hat would have to hack the server side of the whole solution, there is a list of allowed resellers you are allowed to use the service with.

If RFID chip is on sticker why put it on mobile phone? You could just have small card in your wallet.

> "People typically have their phone much closer to hand, so I think they are more ready to pay," he explains. "For example, many women put their cards at the bottom of their purse for security, but keep their phone at the very top for easy access."

Won't they start to put phone at the bottom of the bag for security?

And what if someone device looking like anti-theft gate, which in fact deducts mone

Cellphones already support wifi, bluetooth etc., why not simply combined WiFi and paypal, into a smartphone-app to pay for things? (assuming you don't hate paypal)

If a store wants to support cellphone purchasing, they don't need new RFID scanners and service fees, they just need a wireless router, and a corresponding app to handle the smartphone-app's transnational messages. (patent pending ;P)

I guess that you would not want to be able to "wave" a payment over 100 meters, but only on close proximity scanners. Anyway, they need to implement this really well to prevent fraud. What could possibly go wrong? :)

So let me get this straight, you can only do it at certain retailers, with certain phones, there is a very small spending limit, it either a. charges with no notification posing obvious security risks or b. requires confirmation on the phone. While sharing your personal information with the retailer and marketers. Can someone remind me how exactly this is more convenient than cash or credit card in any way at all?

American Express has had this in some of their cards for a few years but there are two issues with it that keep me from taking advantage of it:

1) They are so keen to promote their RFID system that it uses that system's name as the description of the transaction in your statement. To see what merchant you actually transacted with you have to drill down in that statement entry every single time. Not only is this a PITA but it may require more user effort to spot fraudulent activity when it occurs.